Security :: Vsftpd Anonymous Write To Anon_root?
Mar 24, 2011
Obviously it's at least difficult, but I'm interested in knowing if it's theoretically possible to allow anonymous users of vsftpd to upload to the same directory that anon_root is set to. If it's not then it's no big deal, I'm just trying to get a sense of the range of possibilities.
Mar 13, 2011
I just want to configure Vsftpd to allow users to have total access to the FTP server. The server and users are all on a private LAN behind a router with no access from the Net, so I don't need any security. The following basic configuration doesn't allow uploading files after I log on as anonymous/whatever:
/etc/vsftpd/vsftpd.conf
Code:
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
xferlog_file=YES
#anonymous users are restricted (chrooted) to anon_root
#anon_root=/home/ftp/incoming
anon_root=/var/ftp
anon_upload_enable=YES
anon_mkdir_write_enable=YES
#chroot_local_user=NO
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
Here's what happens when I log on as anonymous/whatever and try to upload a file:
> ftp server
Connected to server.
220 (vsFTPd 2.0.5)
Name (server:root): anonymous
331 Please specify the password.
Password:<whatever>
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -al
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x 3 0 0 4096 Mar 13 11:19 .
drwxr-xr-x 3 0 0 4096 Mar 13 11:19 ..
drwxr-xr-x 2 0 0 4096 May 25 2010 pub
226 Directory send OK.
ftp> put /var/tmp/ftp
local: /var/tmp/ftp remote: /var/tmp/ftp
200 PORT command successful. Consider using PASV.
553 Could not create file.
Feb 2, 2010
Hope you can help me out. I'm trying to set up a "drop-box" on Ubuntu 9.10 server with vsftpd. I'm able to log in and land in the /home/user directory; however, I cannot write anything.
Feb 5, 2010
I have installed vsftpd by "yum -y install vsftpd", disabled anonymous login and set . When I use a Linux client's file browser to log in using a user account "ftpacc" by ftp://ip_address, its location is "/" instead of "/home/ftpacc". When I use a Windows client to log in, its location is "/home/ftpacc".
Sep 4, 2010
vsftpd is working fine in my network with the anonymous user, but I need to access it from outside. All the settings are done on the router. I am getting the page to access FTP from outside, but only for FTP users, not the anonymous user. How do I give permission to access FTP to the anonymous user?
May 19, 2010
In my house I have a small computer running ubuntu karmic that works as a server/media center.
I would like to have a folder (my ~/public folder) openly available to the entire world via anonymous ftp.
I have read somewhere that the default vsftpd config is basically this: no local user login, anon only and sharing a folder called /home/ftp, but I can't get this to work.
Here is my /etc/vsftpd.conf file:
Code:
Jan 17, 2011
How to add files (and where) for anonymous download. I installed vsftpd and configured the /etc/vsftpd.conf file... just a few common options like allowing anonymous, download, upload. And now I can log in as anonymous. But I don't know what to do next; I want to try to download and upload files.
Jun 5, 2010
This is on Centos 5.3 by the way..... I had a DVD and, well, just wanted to test some things.. I'm aware that this is not the latest release.
And, by the way (I just read an earlier post) I've added the username and password with which I'm trying to login (..hello?).
I'm at work and I don't have a copy of my Vsftpd configuration file (don't wanna edit this whole thing - actually there is a copy, below). I've used Slackware for years and never had any issues with Vsftpd - it just works. I am trying Centos because I need help with upgrading my mail server (qmail) and there's not much help for Slackware users. Also, I used to run RHEL3 and had vsftpd working fine (had to copy some file to /etc/pam.d) but it worked famously. I compiled all my web server stuff (just don't like these default things where I have no idea how things are integrated) and I'm hung up on - of all things - vsftpd.
Anyway... When I try to log into my ftp server I get "KERBEROS_V4 rejected as an authentication type" and only the anonymous account works. Any other logins produce an error (incorrect login - see ya' later). I have SE Linux and the firewall OFF. I don't recall the directive, precisely, but my vsftpd.conf file is set to allow local users to connect. I installed with yum and it added some lines at the bottom (one was about a user list and the other was about PAM). I've got a chroot list and a user list although it's not clear to me precisely where the user list should be placed. I actually uninstalled the RPM and compiled, too. I've done everything but call an exorcist. And I've found tons of posts regarding this on the net and none of the fixes worked. Man - on Slackware you type "make" and "make install" (I build it with tcp_wrappers) and you're off to the races.
Actually - I did upload the vsftpd.conf file to work (where I'm at, now). Minus lines that were commented out it looks like this:
Could it, possibly, be something about how I am adding the user, the shell type, etc? I know that in Redhat I used to type "/usr/sbin/useradd -d /home/someuser joe". I've done it that way and I've also done it like so: "useradd -d /home/schmoe -s /bin/bash schmoe".
May 4, 2010
I am attempting to configure vsftpd to allow anonymous users to PUT files into a shared incoming directory. This would be like a dropbox for my customers. Ideally, the incoming directory's contents would not be viewable by the users.
I believe that refused connection is due to the PAM configuration for vsftpd.
May 4 08:03:16 WSVM-S1-1 sshd[1512]: Invalid user anonymous from xxx.xxx.xxx.xxx
May 4 08:03:16 WSVM-S1-1 sshd[1513]: input_userauth_request: invalid user anonymous
May 4 08:03:16 WSVM-S1-1 sshd[1512]: pam_unix(sshd:auth): check pass; user unknown
[Code].....
Aug 14, 2009
I'm trying to get vsftpd running with both anonymous and local user access to the same folder. The directory I'm using is /tftp with the following permissions:
dr-srwxrwx 7 root root 12288 2009-08-14 15:54 tftp
My vsftpd.conf is this:
anonymous_enable=YES
local_enable=YES
write_enable=YES
[code]....
I set the default "ftp" user's home directory to /tftp (was /var/ftp).
Feb 25, 2011
I have a text-based game installed on a Linux server, and I would like to allow logins on that server via SSH, but with restrictions. The login should go directly to the game, which reads keyboard input from stdin. If the game quits, the user should be immediately disconnected from the server. Alternatively, if the user logs in there should only be one command available to the user, the game. I have thought about using a web-based interface to the game, but there is something about playing the game in a terminal that just feels right. Please don't reply with "this is a bad idea..." or its variants because that is an easy out. I just want to know if anyone knows of a solution.
Aug 19, 2010
I have a server and I'm trying to use FTP to edit my website with Dreamweaver. I'm using vsftpd and I have access where I can read all the files but I can't add any. Any clues?
Feb 3, 2010
Is there a way to delete files on the command line that uses the KDE Wastebin? It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneously deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the command line.)
Sep 13, 2010
What are the SElinux security context type & booleans in FTP/vsftpd
Jun 13, 2009
I am trying to wade through the semanage jungle to get permissions for a tftp client. I followed the HowTos [URL] but I get the following at the client:
tftp> status
Connected to 192.168.1.101.
Mode: netascii Verbose: off Tracing: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> get hello.o4
tftp: hello.o4: Permission denied
I finally figured out that the firewall directives shown at the end of the HowTo refer to semanage, although the options are stated incorrectly according to the man page for semanage. I did ensure that the file hello.o4 in /tftpboot has read permission for everybody.
Aug 24, 2010
I have a CentOS 5.5 distribution with Dom0 and DomU installed. I try to access Dom0 files through the vsftpd server from DomU through an ftp client. I successfully log in with root and a simple user, but when I try to list (or cd to some directory) in the user home, SELinux prevents me from doing it. I get this in audit.log:
[Code]....
Feb 10, 2011
Any clue? I'm using the same key for root login and it works fine (also works fine for SFTP but I hate using that because it's extremely slow).
Apr 8, 2011
The script "vsftpd_virtualuser_add.sh" from the guide here:
http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users
executes the following line: /usr/bin/chcon -t public_content_rw_t $HOMEDIR/$USERNAME
which returns the error: /usr/bin/chcon: couldn't compute security context from unlabeled
Login attempts are unsuccessful on the given username. I followed the instructions on that page verbatim. I can't find anything useful on that error anywhere - even outside of the vsftpd context. This is a new CentOS 5.5 server - updated everything with yum. vsftpd worked fine on the last server, which was a CentOS 5.x.
Jul 28, 2011
So I have just set up my cryptsetup. I can open/mount it by either "cryptsetup luksOpen" or just clicking on the partition from the "Places" tab and it will ask me for a password and all.
The only problem is that I can't read or write to it at all. Everything is probably root, which isn't useful to me.
So how can I change it so that when I do either of those 2 methods for opening it, I can just fully use it, read and write and everything? As my user.
Jul 23, 2011
For example, can I write something to the effect: block all outbound UDP connections over port 53 except those going to IP 123.456.789. Or stated another way: Block outbound to port 53/udp NOT going to ip address 123.454.678. Is it possible to do this? How would I write the argument?
Oct 14, 2010
Long time reader, first time poster. I've got what has become, to me, a brain bender. It seems ACLs are the best way to go, but I am not 100% sure. Each user should be able to create files and modify each other's files, but should not be able to delete anyone else's files in a directory. chmod -1777? setfacl?
Aug 11, 2010
I am using the "extend" function of snmpd to run a script in order to extend a monitoring platform. This script being run by snmpd needs to write to a file in /tmp for later parsing, but SELinux is stopping it from writing to the file under /tmp. The following two lines from my audit.log file show what is happening:
Code:
type=AVC msg=audit(1281516573.123:18422): avc: denied { write } for pid=6933 comm="test2.sh" name="tmp" dev=dm-0 ino=1474561 scontext=root:system_r:snmpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
[Code]..
Nov 9, 2010
I am having difficulties assigning permission for wordpress to write files. I am having problems with the permalink within wordpress and I think it might be because of the level of permission wordpress has. Currently on my system I need to set permission to 777 in order for wordpress to write to the .htaccess file.
I am running my website on a Ubuntu machine. Version 10.10 Apache2 2.2.4
However, when I leave the permission level set to 777 I still cannot get the permalink to point to the correct page... See my discussion on this here. [URL]
I think what I need to do is change wordpress to use a user permission or a group permission and not "everyone". I would rather have wordpress setup to login as a specific user before it can write over a file.
Aug 13, 2010
I am about to write a script to manage daily backup on a USB HDD. The server that holds the data works 24 hours a day and therefore is seldom rebooted. I have 2 options:
OPT 1 : I mount the usb drive once and for all, and copy the data to it when I need to (twice a day, no more) and never unmount it. Except when the server is rebooted of course.
and OPT 2 : I mount the drive, copy the data and unmount it ASAP twice a day when the time has come to backup the data.
Feb 3, 2011
on the following link [URL] section 2 says
Quote:
The following directories need to be readable, writeable and executable for everyone:
* dokeos/main/inc/conf/
* dokeos/main/upload/users/
* dokeos/main/default_course_document/
* dokeos/archive/
[Code].....
I am not at all convinced by the idea of giving permissions to read, write and execute as these Learning Management Systems say. Let me know what you people have to say? What is the best practice in such situations? I have to get all these LMS to run on the same web server.
Apr 14, 2011
Write a shell script setup linux security policies include:
1. password policy
2. User policy
3. firewall
Note: Create a file.sh from 1 to 3. purposes:
If (1) successful then 2 If (2) successful then 3 End
Apr 13, 2011
I don't know how to write a shell script to set security policies for Linux to start. and how. I know that there are many security policies for Linux but do not know which one best suited to write a shell script.
Feb 1, 2010
I just found that I could perform write operation using a normal user account to a file system I mounted with the commands as followed:
sudo mount -t ntfs /dev/sda1 /mnt/disk/
This is the corresponding entry in the output of "mount" command:
/dev/sda1 on /mnt/disk type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096)
As far as I remember, when using a normal user account, I had to use "sudo" to perform any write operations (mkdir, rm, etc) to a device mounted using "sudo". But now it seems to be changed.
Do I remember wrong, or did Karmic have any updates that changed this setting? (I never manually changed user settings, except that I added a root user, but I never used it.)
OS: Karmic(up2dated)
Kernel: Linux stephen-laptop 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 16:20:31 UTC 2009 i686 GNU/Linux
Feb 28, 2011
I use Ubuntu 10.10 with encrypted home. I'm new with apparmor. My firefox-3.6.13 is now in enforce mode - with standard profile. With this profile it should have write access only to:
owner @{HOME}/Downloads/* rw,
But I can save files (with standard downloadmanager of firefox) e.g. in $HOME itself and I can't find any other rule, which could allow that. I have thing, that ecryptfs workaround just affects the eCryptFS "part of things" and limitations of normal filenames/paths (in mounted ecryptfs) are still possible. Why can firefox write elsewhere as in to ${HOME}/Downloads? I get also this in kern.log (but not by saving a file as wrote above):
Feb 27 05:49:30 duron650 kernel: [ 2284.886631] type=1400 audit(1298782170.190:4: apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/home/.ecryptfs/hugo/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVX6-OCUaSGk2nU5ADkJx.rdk--/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVXFlmP1qlJBZ2eq7XFiWljUE--" pid=2209 comm="firefox-bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Why does Firefox try to write to it, and why does it fail even with the #13 workaround?
Feb 27 06:03:23 duron650 kernel: [ 3118.231818] type=1400 audit(1298783003.534:49): apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/tmp/.X0-lock" pid=2304 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Why does Firefox try to access the X lock?
May 2, 2011
I had to reinstall Ubuntu (Natty) on a brand new computer and while installing I set up the data partition to be mounted in /usr, but now I can't access the files I put in there even if I set up the group/user permission! I can access /usr/Music but all files are locked.